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A  DISTRIBUTED  SHORTEST  PATH  PROTOCOL 


Franc ine  B.M.  Zerbib  and  Adrian  Segal 1 

Departments  of  Computer  Science  and  Electrical  Engineering 
Technion,  Israel  Institute  of  Technology 

ABSTRACT 


— ^We  present  a  distributed  protocol  for  obta'ning  the  shortest  paths 
between  all  pairs  of  nodes  in  a  network  with  weighted  links.  The  protocol  is 
based  on  an  extension  to  the  Dijkstra  (centralized)  shortest  path  algorithm  and 
uses  collaboration  between  neighboring  nodes  to  transfer  the  information  needed 
at  the  nodes  for  the  successive  construction  of  the  shortest  paths.  A  formal 
description  of  the  protocol  is  given  by  indicating  the  exact  algorithm  performed 
by  each  node.  The  validation  proofs  are  greatly  simplified  by  separating  the 
communication  mechanism  from  the  computation  at  the  nodes,  the  latter  being  the 
transposition  of  the  Dijkstra  shortest  path  algorithm  to  the  decentralized  protocol. 


The  work  of  A.  Segall  was  performed  on  a  consulting  agreement  with  the  Laboratory 
for  Information  and  Decision  Systems  at  MIT,  Cambridge,  Mass,  and  was  supported  in 
part  by  the  Advanced  Research  Project  Agency  of  the  US  Department  of  Defense  (moni¬ 
tored  by  ONR)  under  Contract  N00014-75-C-1183  and  in  part  by  the  Office  of  Naval 
Research  under  Contract  0NR/N0O014-77-C-0552 S 
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1.  Introduction 


This  paper  presents  a  distributed  protocol  for  obtaining  shortest 
paths  and  distances  between  nodes  in  a  network.  The  ’’odes  are  assumed  to 
possess  a  certain  memory  and  computation  capability  and  to  be  able  to  colla¬ 
borate  via  control  messages  exchanged  between  neighbors.  Each  node  builds 
its  tree  of  shortest  paths  to  all  other  nodes  in  the  network  and,  while 
proceeding  with  its  own  algorithm,  also  helps  the  other  nodes  to  advance 
their  algorithm. 

Each  node  is  assumed  to  start  its  algorithm  with  knowledge  of  the 
weights  of  the  adjacent  outgoing  links  and  of  the  identities  of  the  nodes 
that  may  potentially  be  in  the  network.  When  the  algorithm  is  completed  at 
a  node,  it  knows  which  nodes  are  indeed  reachable  and  the  shortest  path  and 
distance  to  each. 

The  distributed  protocol  here  is  based  on  the  Dijkstra  algorithm 
[1],  [2]  for  obtaining  shortest  paths  in  a  centralized  way.  An  early  version 
of  the  present  distributed  protocol  was  proposed  by  R.G.  Gallager  [3]  and 
analysed  by  D.  Friedman  [4].  The  present  version  adds  features  that  produce 
savings  in  communication  and  protocol  duration  as  explained  in  Section  6.  In 
addition,  we  present  a  complete  description  of  the  algorithm  that  must  be 
performed  by  the  nodes  to  participate  in  the  distributed  protocol  and  a 
rigorous  validation  of  its  performance. 

The  validation  process  is  based  on  examination  of  the  decentralized 
protocol  vs.  the  centralized  algorithm,  where  in  the  first  one  we  distinguish 
the  communication  process  from  the  computation  part.  The  first  one  deals  with 
the  construction  of  a  communication  mechanism  whose  purpose  is  to  enable  a 
node  to  obtain  information  that  initially  resides  at  other  nodes.  This 
mechanism  is  also  designed  in  such  a  way  that  nodes  screen  and  summarize  the 
information  prior  to  its  transmission  to  a  neighbor.  Once  the  information  is 
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correctly  transmitted,  the  computation  part  is  able  to  construct  shortest 
paths  as  in  the  centralized  algorithm.  We  show  that,  provided  that  the 
centralized  algorithm  is  already  known  and  proved  (as  in  the  case  of  the 
Dijkstra  algorithm),  such  a  separation  reduces  the  validation  of  the  dis¬ 
tributed  protocol  to  the  proof  of  correctness  of  the  communication  mechanism. 

The  paper  is  organized  as  follows  :  in  Section  2  we  present  several 
notations  and  definitions  that  are  used  in  the  rest  of  the  paper,  while 
Section  3  summarizes  the  Centralized  Dijkstra  Algorithm  (CDA)  and  its  main 
properties.  An  extended  version  of  the  CDA,  introduced  and  proved  in  Section  4 
leads  to  the  Distributed  Dijkstra  Protocol  (DDP)  which  is  presented  in  Section  5. 
Its  validation  is  given  partly  in  the  same  section  and  partly  deferred  to  the 
Appendix.  Finally,  Section  6  contains  several  conclusions,  calculations  of 
communication  complexity  and  comparisons  with  previous  works. 
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Basic  notations  and  definitions 

Let  G(V,E)  be  a  graph,  where  V  is  a  set  of  nodes  and  E  a  set 

of  links.  The  nodes  in  V  are  numbered  l,2,...,|v),  and  are  referred  to  by 

their  number.  We  assume  that  each  link  is  bidirectional  and  associate  to 

each  direction  on  a  link  from  i  to  j  a  strictly  positive  weight  , 

where  the  weights  of  opposite  directions  may  be  different.  For  convenience, 

we  take  d. .  *  0  and  if  there  is  no  link  from  i  to  j  we  take  d. .  =  ®. 

11  ij 

A  path  is  a  sequence  of  distinct  nodes  { i© , i i , • -  - , im }  such  that  there  is 
a  link  connecting  i  and  i^j.  Given  a  path  P,  we  define  DIST(P)  as 
the  sum  of  the  weights  along  the  path.  For  the  purpose  of  the  algorithms  of 
this  paper,  it  is  convenient  to  define  a  total  order  4  on  all  paths  origi¬ 
nating  at  a  given  node  i,  by  using  the  following  recursive  definition  : 

Definition  2.1 

We  say  that  two  paths  P^,  P^  -that  originate  at  a  node  i  are  such 
that  DIST  (P^  ■<  DIST  IP2)  if  one  of  the  following  holds  : 

a)  DIST  (P  )  <  DIST  (P0) 

b)  DIST  (P  )  =  DIST  (P,)  and  k^<k2  where  k^,k2  are  the  end  nodes  of  P^,P2 

respectively. 

c)  DIST  (P  )  =  DIST  ( P2 )  and  k^^  and  DIST  (Pj)  <<  DIST  (PJ),  where  Pj,P£ 

are  subpaths  of  Pj,P->  originating  at  i  and  terminating 
at  the  nodes  kj,  preceding  kj=k2  on  each  of  the  paths. 

We  say  that  P^  is  shorter  than  P.,  if  DIST  (P^)  DIST  (P2)  .  For 
any  two  nonidentical  paths  P^,  Pn  originating  at  a  node  i,  either  P^  is 
shorter  than  P-,  or  P2  is  shorter  than  P^.  Also,  with  this  definition,  there 
is  a  unique  path  connecting  two  given  nodes  i  and  k  that  is  shorter  than  all 
other  paths  connecting  i  and  k,  and  fhis  will  be  called  the  shortest  path. 

In  addition,  this  definition  ensures  that  if  j  is  a  node  on  the  shortest  path  P 

from  r.ode  i  to  node  k,  then  the  shortest  path  from  i  to  j  and  the  shortest 
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path  from  j  to  k  are  both  subpaths  of  P.  This  last  property  is  of  importance  ] 

in  the  distributed  protocol  and  its  validation.  I 

! 

I 

1 

In  this  paper,  an  array  will  be  denoted  by  a  capital  letter,  possibly  ■] 

with  a  subscript  indicating  the  node  where  the  array  is  located.  For  example 
is  the  node  table  at  node  i.  The  notation  J'f  =  (N-s^  N*d^,  N*p^)  means  that 
the  columns  of  Ni  are  N*si,  N-d^  and  Ni(x)  denotes  the  row  x  in  f'T. 

Also  N* s^  (x)  is  the  entry  in  the  row  x  of  N*s^.  Therefore  f'Lfx)  (0,®,  nil) 

means  N*s^(x)  +■  0,  N*d^(x)  •*-  «,  N*p^(x)  *■  nil  and  N*d^  »  means  N*d^(y)  *■  • 

for  all  y. 


In  each  of  the  algorithms  presented  in  this  paper,  a  node  i  will  hold 
variables  N-d^(k),  N^p^k)  for  each  node  k  that  indicate  respectively  DTSTIP) 
where  P  is  a  certain  path  from  i  to  k  and  the  predecessor  of  k  on  P. 
Similarly  to  Definition  2.1,  we  use  : 

Definition  2.2 

We  say  that  N*d^(kj)  ^  N*d^(k2),  where  k^  k.,,  if  one  of  the  following 

holds  : 

a)  N*d^  (k^)  <  N*d^(k,) 

b)  N'd^kj)  =  N*d^  (k,)  and  k^kj 

Also,  if  i  is  a  neighbor  of  k  such  that  j  /  N*p^(k),  we  say  that 
N*d^(j)  +  d^  *4  N*d^(k)  if  one  of  the  relations  below  holds  : 

c)  N-d.(j)  +  d.k  <  N-d.(k) 

d)  N - d . ( j )  +  d.,  =  N*d.(k)  and  j  <  N*p. (k)  . 

1  J  K  1  1 

We  define  the  relation  ^  in  a  similar  manner. 

Throughout  the  paper,  all  comparisons  will  be  made  according  to  the 

★ 

relation  .  For  example,  a  node  that  achieves  min  N*d.(k)  is  the  unique  node  k 

k  1 

for  which  N*d.(k  1  K  N*d^(k)  for  all  k.  Other  notations  are  : 

A 
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Si  =  set  of  neighbors  of  node  i 

A  =  (A*n,  A*d)  adjacency  array  of  some  node  p,  where  A*n  c  S 

and  A*d(x)  =  d  ,  ,  . 

p,A*nu(x) 

MMP(i,k)  =  shortest  path  from  i  to  k  (in  the  sense  of  Definition  2.1) 

MMD(i ,k)  *  DIST  (MMP(i,k)) 

f .  (k)  =  first  node  after  i  on  MMP(i,k) 

MP(cond,  i,k)  =  shortest  path  from  i  to  k  under  condition  cond. 

MD(cond,  i ,k)  =  DIST  (MP(cond,  i,k)) 

on  U  :  let  U  cV  and  i  e  U;  then  a  path  {i  ,i i  ,,i  }  is  on  U  if 
-  —  o  oi  m-l  m 

i^  e  U  for  l  =  0,1,..., m-1  (but  not  necessarily  for  2.  =  m), 

Rik  =  ^xlx  e  ^k  anc*  k  i-s  t^le  Pre<^ecessOT  x  on  MMP(i,x)}  is  called  the 
set  of  sons  of  k  for  i.  Note  that  Definition  2.1  ensures  that  for  a 
given  i,  every  node  is  the  son  of  exactly  one  node. 

When  necessary,  we  indicate  the  value  of  a  variable  at  a  given  time  t  by 
writing  t  in  parentheses  following  the  name  of  the  variable. 

The  sequence  of  actions  performed  by  the  processor  at  a  node  as  a 
result  of  receiving  a  message  is  assumed  to  be  executed  without  interruption 
and  is  referred  to  as  an  event .  Consequently  we  may  assume  that  an  event 
takes  zero  time  and  that  no  two  events  occur  at  the  same  time.  In  addition, 
in  the  distributed  protocol,  messages  sent  by  a  node  to  a  neighbor  are  assumed 
to  arrive  correctly  and  in  order  within  arbitrary  nonzero  finite  time. 
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3.  The  Centralized  Dijkstra  Algorithm  (CDA) 

The  Dijkstra  algorithm  starts  with  knowledge  of  the  topology  of  the 

graph  and  the  weights  of  the  links,  and  computes  shortest  distances  and  paths 

from  a  given  node  i  to  all  the  other  nodes  in  the  network.  The  algorithm 

divides  the  nodes  in  three  categories  :  -  set  of  "permanent"  nodes, 

T.  -  set  of  "tentative"  nodes  and  the  rest  forms  the  set  of  "unknown"  nodes. 

1 

The  tentative  nodes  are  the  neighbors  of  permanent  nodes  that  are  not  permanent 
themselves.  At  any  given  instant  the  algorithm  knows  the  shortest  path  and 
distance  from  i  to  all  permanent  nodes  x  e  and  also  the  shortest  path 
and  distance  on  P^  from  node  i  to  all  tentative  nodes.  In  each  step  of 
the  algorithm  the  tentative  node  y  with  the  shortest  distance  to  the  source 
node  i  is  made  permanent,  its  neighbors  that  are  not  already  tentative  or  per¬ 
manent  are  made  tentative  and  the  distances  to  all  tentative  neighbors  of  y 
are  updated.  In  order  to  facilitate  comparison  with  the  other  algorithms  of 
this  paper,  we  imagine  a  main  processor  at  node  i  that  performs  the  main 
algorithm  helped  by  a  slave  (also  located  at  node  i)  whose  role  is  to 
extract  the  adjacency  array  of  a  given  node  from  the  memory  and  forward  it  to 
the  main  processor. 

Assumption  on  the  operation  of  the  slave 

ASK(y)  denotes  a  request  by  the  main  processor  to  the  slave  asking  for  the  adjacency 

array  of  node  y  containing  all  neighbors  of  y;  the  assumption  is  that  whenever 

such  a  request  is  released  and  only  as  a  response  to  such  a  request,  ANSfy.Aj  is 

delivered  by  the  slave  within  arbitrary  finite  time,  where  A  =  (A*n,  A*d  , 

A*n  -  S  and  for  all  lines  r  in  A  we  have  A*d(r)  =  d  ,  .  . . 

y  y,A*n(r) 
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THE  CENTRALIZED  DIJKSTRA  ALGORITHM  (CPA) 

Variables  used  by  the  algorithm  at  node  _i 

:  array  NL  =  (N*s^,  N-d^,  N»p^)  as  described  below  (|v|  rows,  3  columns) 

N*s^(x)  :  status  of  node  x:  2  =  permanent,  1  =  tentative,  0  =  unknown  (all  xeV) 

N*d^(x)  :  estimated  distance  to  x  (all  xeV) 

N*p^(x)  :  identity  of  predecessor  of  x  on  the  path  from  i  to  x  (all  xeV) 

nn  :  the  node  to  be  made  permanent  next. 

Internal  messages  to/from  processor 

ASK (p)  =  message  to  slave  requesting  the  adjacency  array  that  contains  all 

neighbors  of  node  p 

ANS(u,A)  =  message  from  slave  providing  adjacency  array  A  of  node  u  with 

A*n  =  S  . 

P 

START  =  command  given  to  the  main  processor  to  start  algorithm 
The_algorithm_at_node  i 

Initial  state  :  NL  =  (0,°°,  nil) 

1 .  For1  START 

2.  N.(i)  (1,0,  nil)  ;  ASK(i)  . 

3.  For  ANS(i,A) 

4.  N*s^(i)  2;  VxcA’n,  set  f'h  (x)  ■*-  (1,  d^,  i)  ;  go  to  <11>  . 

5.  For  ANS(u>A)  ,  u/i 

6.  N-s.(p)  -  2  ; 

7.  V  rows  r  of  A,  let  x  =  A*n(r)  and 

8.  rf  N*s^(x)  <  2  and  N*d^(p)  +  A*d(r)  •<  N*d^(x) 

9.  then  N^(x)  (1,  N*d^(y)  +  A*d(r),  p)  ; 

10.  i_f  Vx  holds  N*s^(x)^l,  then  STOP 

11.  else  m.  -  y*  that  achieves  min  {N-d . (v) I N* s . (y)  =  1} 

ASK  Cm. ) 

i 


12. 
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In  order  to  describe  the  properties  of  the  algorithm^  need  the  following 
Definition  3 . 1 

If  k  e  P.  U  T.  (i.e.  N«s^(k)^0),  we  say  that  k  is  known  at  i.  Then  the  path 

(i=i  ,i1,i7,...,im  =  k)  defined  by  i^_1  =  M-p^i^  is  said  to  be  the  path 
to  k  known  at  i.  This  path  can  be  found  from  table  NL  by  going  backwards 
from  node  k . 

b)  If  k  d  P.  U  T. ,  we  say  k  is  unknown  at  i. 

c)  If  k  is  known  at  i  and  the  path  known  is  the  shortest  path  MMP(i,k), 

we  say  that  k  is  strongly  known  at  i. 

The  fundamental  properties  of  CDA,  as  well  as  of  the  other  algorithms  of 
the  paper  are  : 

Fundamental  properties 

a)  If  x  e  Pi>  then  N«p^(x)  e  P^,  node  x  is  strongly  known  at  i  and 

N*d^(x)  =  MMD(i,x'J  . 

'.■>)  If  x  e  T^,  then  N*p^(x)  e  P^,  node  x  is  known  at  i  at  MP(on  P  ,  i,x) 

and  N*d^(x)  =  MD(on  P  ,  i,x). 

c)  STOP  occurs  in  finite  time  and  whenever  this  happens  (i.e.,  whenever  all 

N«s^(x)  are  0  or  2),  the  algorithm  is  completed.  At  that  time 

P.  =  (all  nodes  reachable  from  i},  T.  =  tp ,  V-P.  =  fall  nodes  nonreachable 
i  i  i 

from  i}  . 

Theorem  3.1  [ 1] ,  [2] 

The  fundamental  properties  a),  b) ,  c)  hold  for  CDA  and  in  addition  : 

d)  at  all  times  holds  U  S  =  P.  U  T. 

xeP .  X  1  1 

l 

e)  nodes  x  become  permanent  (i.e.  N*s^(x)  -*-2  is  performed)  in  the  order  of 

increasing  distance  from  i  in  the  sense  of  Definition  2.1. 
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4.  The  Extended  Centralized  Dijkstra  Algorithm  (ECDA) 

The  distributed  protocol  to  be  presented  in  Section  5  is  based  on 
an  extended  version  of  the  centralized  Dijkstra  algorithm.  The  former  consists 
of  two  major  mechanisms  :  the  computation  at  the  nodes  and  the  communication 
between  neighbors.  The  main  processor  at  a  node  performs  the  algorithm  by  using 
timing  and  topological  information  received  from  the  communication  mechanism. 

For  purposes  of  presentation  it  is  convenient  to  extract  from  the  distributed 
protocol  the  communication  part  and  replace  it  by  two  imaginary  processes  : 
an  oracle  that  provides  timing  information  and  a  slave  that  gives  topological 
information,  the  latter  being  slightly  different  from  Section  3.  The  result  is 
the  extended  centralized  Dijkstra  algorithm  presented  below  which 'is  not  an 
implementable  algorithm,  but  rater  an  illustrative  one,  but  it  allows  us  to 
present  separately  the  computation  and  the  communication  mechanisms  of  the 
decentralized  protocol.  The  idea  is  that  in  Section  5  we  show  that  the  communi¬ 
cation  between  neighbors  can  play  the  role  of  both  the  oracle  and  the  slave. 

As  in  Section  3,  the  present  algorithm  finds  the  shortest  paths  and 
their  lengths  from  a  given  node  i  to  all  other  nodes  in  the  network.  The  oracle 
and  the  slave,  as  well  as  the  main  processor,  are  located  at  node  i. 

Assumptions  on  the  operation  of  the  oracle  and  the  slave 


4.1)  The  oracle  may  find  out  (in  some  yet  unspecified  way)  that  some  node  y  can 
be  made  permanent  at  some  time  t,  even  though  it  is  not  its  turn  according 
to"  <11>  in  CDA  (see  also  Theorem  3.1  e ; ) ;  the  assumption  is  that  this  can 
happen  only  if  both  N*s^(u)^0  and  N*d  y)=MMP(i ,y)  hold  (in  words,  only 
if  u  is  strongly  known i . 


4.2) 


ASK(p)  denotes  now  a  request  by  the  mam  processor  to  the  slave  for  some 

adjacencv  arrav  of  u  that  includes  the  set  R. 

J  i  u 


of  sons  of  v ;  the 
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assumption  here  is  that  ANS(y,A)  can  be  delivered  by  the  slave  only  as  a 

response  to  such  a  request  and  then  R.  c  A*n  c  S  and  A*d(r)=d  .  ,  . 

r  iy  -  -  y  y ,A  *n(r) 

for  all  r. 

4.3)  whenever  a  request  ASK(y)  is  released,  then  ANS(u.A)  is  delivered  by  the 

slave  within  arbitrary  finite  time. 

The  exact  algorithm  is  given  below. 

THE  EXTENDED  CENTRALIZED  DIJKSTRA  ALGORITHM  (ECDA) 

Variables_used  by  the  algorithm  at  node  i 
Same  as  in  CDA  and  in  addition  : 

A.  :  array  A^=(A«n^)  (one  column,  variable  length) 

A*n. (r)  :  node  designated  by  the  oracle  for  which  ANS  has  not  been  received  yet 
Messages  to/from  processor 

Same  as  in  CDA  except  that  R.  c  A*n  c  S  and  in  addition 
ORACLE (y)  =  oracle  designates  node  y. 


The_algorithm  at  node_  i 

Initial  state  :  itk  =  nil,  =  (0,<*>,  nil),  A-n^  =  nil 


1. 

For  START 

~t 

N.(i)  (1,0, nil);  ASK(i)  . 

3 . 

For  ANS (i ,A) 

4. 

N’s.(i)  *-  2,  V  x  e  A*n,  set  N.(x) 
i  •  i 

«-  (1  ,d.  ,  i)  ;  go  to  <1S>  . 

IX  b 

5. 

For  ORACLE(u)  (comment:  by  Assumption  4.1,  holds  N-s.(u)  / 0) 

6. 

if  N*si(y)^2 

7. 

then  if  y/nn  and  y^i  and 

y^A*  n  ^ 

8. 

then  ASK(y) 

9. 

enter  u  into  A*n. 

1 

10. 

For  ANS(u,A) ,  y/i 

11. 

N*si(y)  +■  2 

12. 

V  rows  r  of  A,  let  x  =  A*n(r) 

and 

13. 

if  N*s.(x)  <  2  and  N*d.(y) 

+  A'd(r)  N*d^  (x) 

14. 

then  N^(x)  (1,  N*d^(y) 

+  A*d(r)  ,  y) 

IS. 

delete  all  entries  u  from  A*n. 

i 

16. 

if  y=nv 

17. 

then  if  Vx  holds  N*s.(x)j*l, 

then  STOP, 

18. 

else  nn  *■  y*  that  achieves  min  { N * d ^  (v)  [  N •  s ^  y ) 

19. 

if  m.  t  A*n. , 

—  i  i  ’ 

then  ASK (m . ) 

.W-  - ■» 
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Our  goal  is  to  show  that  the  extended  algorithm  has  properties  similar  to 
those  of  Theorem  3.1,  but  we  first  need  some  preliminary  properties. 

Lemma  4 . 1 

★ 

a)  <4>  is  executed  at  most  once, at  time  t^  say  . 

b)  Node  y  enters  A*n^  iff  ORACLE(y)  '  is  received  and  N*s^(y)^2; 

it  stays  in  A*n^  until  ANS(y,A)  is  received,  at  which  time  all  entries  u 
in  A*n^  (and  in  nu  ,  if  nu  =  y)  are  deleted  and  N*s^(y)  *■  2. 

* 

c)  No  ANS(y,A)  or  ORACLE(y)  with  y^i  can  be  received  at  node  i  before  t^. 

d)  N*s^(x)  is  non-decreasing  for  any  given  x.  After  nu  «-  y  in  <18>,  the 
contents  of  nr  remains  unchanged  until  ANS(y,A)  is  received,  at  which  time 
N*s^(y)  -*-2,  y  is  deleted  from  hk  (and  from  A*n^  if  y  e  A*n^)  ;  afterwards 

y  will  never  enter  A*n^  or  nu  .  Similarly  once  y  is  deleted  from  A*n^  and 
possibly  from  nr  as  described  in  b)  above,  it  will  never  enter  A*n .  or  nu  . 

e)  For  each  y,  no  more  than  one  ASK(y)  is  requested  and  no  more  than  one  ANS(y,A) 

is  received  by  i. 

Proof  : 

★ 

a)  After  t^  we  have  that  N*s^(i)  =  2  and  cannot  be  changed,  hence  no  ASK(il  can  be 

sent.  Therefore  a)  is  proved  if  we  show  that  no  ASK(i)  can  be  sent  between 

* 

execution  of  <1>  and  t..  Let  t,  be  the  time  when  the  first  such  ASK(i)  is 

sent.  This  can  happen  only  in  <19>  and  let  t2  t^  be  the  first  time  <18>  is 

entered.  At  t-,,  <18>  cannot  be  entered  through  <16>  since  itu(t.,)  =  nil  and 

★ 

also  cannot  be  entered  through  <4>  since  t,  <  t-,  which  leads  to  a  contradiction. 

b)  follows  from  <9>,  <  1 1  > ,  <15>. 

* 

c)  Suppose  that  an  ANS(y,A),  y^i  is  received  for  the  first  time  at  time  t^  <  t^. 

Then  by  Assumption  4.2,  ASK(y)  was  sent  at  some  time  tj  <  t^.  Now  ASK(y)  was 

* 

not  sent  in  <19>  since  this  would  imply  either  that  t9  =  t^  (if  <19>  was 
reached  from  <4>)  or  that  ANS(y^,Aj),  y^i  was  received  at  t^  <  t^  (if  <19> 
was  reached  from  <10>).  Consequently  ASK(y)  was  sent  in  <8>  as  a  result  of  <5>, 

- 

...  ...  .  iV  -  -V  >11  •flm  i_ 
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which  implies  from  Assumption  4.1  that  N*  s^  (u)  (t-,)  ^0.  But  this  is  a  contradiction 

because  the  initial  state  is  N*s^(y)  =  0  and  only  <4>,  <11>  or  <14>  can  change 

★ 

this  value,  which  means  that  ANS(y,A)  has  been  received  before  t,  <  t1  <  t^, 

while  we  assumed  above  that  t^  is  the  first  time  such  a  message  is  received. 

This  proves  the  first  part  of  c)  and  the  second  follows  since  N-s^(ij)(t)  =  0 

★ 

for  all  u^i,  t  <  t^. 

d)  Since  N*s.(x)  can  be  changed  only  in  <2>,  <4>,  <11>  or  <14>,  parts  a)  and  c) 

above  imply  that  N*s^(x)  is  non-decreasing.  As  a  result  and  by  <18>,  <19>, 
once  nn  *■  u,  the  contents  of  nu  remains  unchanged  until  ANS(y,A)  is  received, 
and  then  N*s^(p)  -*-2,  y  is  deleted  from  iik  and  possibly  A*n.  .  This  part, 

together  with  <6>  and  <9>,  or  <18>  completes  th  proof  of  d) . 

e)  follows  from  the  fact  that  ASK(p)  is  sent  either  while  y  first  enters  A*n. 
or  when  m.  u,  whichever  comes  first 

l 

The  next  Theorem  is  the  equivalent  of  Theorem  3.1  for  the  ECDA  and 
summarizes  its  main  properties.  The  major  difference  is  that  d)  and  e)  of  Theorem 
3.1  do  not  necessarily  hold  for  ECDA. 

Theorem  4 . 1 

Under  Assumptions  4.1)  and  4.2)(the  Fundamental  Properties  a),  b) 
hold  for  ECDA  and  in  addition  : 

d)  At  all  times  holds  U  R.  c  P.UT.  c  u  S  ,  and  if  x  e  P.  and  y  e  R.  , 

xeP .  1X  1  1  xeP.  1  1X 

then  N*p. (y)  =  x.  1 

Provided  that  Assumption  4.5)  holds  also.  Fundamental  Property  c)  holds. 

Proof  : 

Lemma  4.1  shows  that  algorithm  ECDA  works  in  the  same  way  as 
CDA  except  for  two  features  :  first,  a  tentative  node  can  be  designated  to 
become  permanent  not  only  by  a  minimization  procedure  (<11>  in  CDA)  but  also 
by  an  oracle  and  second,  the  list  A*n  in  messages  ANS(u,A),  may  be  a 
proper  subset  of  S  ,  provided  that  A*n  £  R.^.  Because  of  the  second 

ECDA  may  not  improve  distances  to  some  neighbors  of  u  that  are  not 


feature 
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sons  of  u  (see  Assumption  4.2),  while  CDA  does  improve  them.  But  since  such  a 
neighbor  x  will  finally  be  reported  in  some  ANS(u^.A^)  where  x  is  the  son 
of  Uj,  the  validity  of  the  algorithm  is  not  affected.  Also,  Assumption  4.2) 
shows  that  d)  holds. 

Next,  suppose  that  at  a  given  stage  the  sets  P^  and  T\  verify  a) 
and  b) .  Then  the  node  in  verifying  <1S>  can  be  transferred  to  P  according 

to  CDA,  and  a  node  in  T.  designated  by  the  oracle  can  also  be  transferred  to 

since,  by  Assumption  4.1),  it  verifies  the  fundamental  property  a)  of  a  node  in  P^. 
The  subsequent  use  of  this  node  to  reduce  the  distances  of  adjacent  nodes  belonging 
to  T^  restores  to  T^  its  property  b) ,  as  in  the  CDA.  Observe  that  Assumption  4.3) 
has  not  been  used  up  to  this  point.  In  order  to  prove  that  c)  holds,  assume  the 
contrary.  Then  there  is  a  node  x  reachable  from  i  with  N*s^(x)  =  0.  Let  y  be 

the  node  that  is  closest  to  i  on  MMP(i,x) ,  with  N«s^(y)  =  0,  and  let  z  be  its 

predecessor  on  the  path.  Clearly  z  e  P^  and  d)  implies  that  c  u  T.. 

But  y  e  R-  and  y  t  P.  U  T.  which  is  a  contradiction.  Since  at  each  step  of  the 

algorithm  d)  holds  and  a  new  node  is  transferred  from  T^  to  P^,  and  since  the  intervals 
between  these  events  are  finite  by  Assumption  4.3),  the  algorithm  will  terminate  in 


finite  time. 


5.  Distributed  Dijkstra  Protocol  (DDP) 

In  this  section  we  present  a  distributed  protocol  that  computes  the 
shortest  paths  from  all  nodes  to  all  nodes  in  the  network  and  is  based  on  the 
Dijkstra  algorithm.  Just  before  entering  the  protocol,  each  node  is  assumed  to  keep 
only  its  own  identity,  the  weights  of  the  outgoing  adjacent  links  and  the  identities 
of  nodes  that  are  potentially  in  the  network.  When  a  node  completes  the  protocol, 
it  will  have  the  identities  of  the  nodes  that  are  reachable  and  the  shortest  path 
and  distance  to  each.  In  the  distributed  protocol,  neighboring  nodes  exchange 
control  messages  whose  role  is  to  propagate  topological  and  timing  information.  As 
such,  the  operations  performed  by  each  node  serve  a  double  purpose  :  advancing  the 
algorithm  at  the  node  and  helping  neighboring  nodes  to  obtain  information  that  will 
allow  them  to  proceed  with  their  algorithm.  In  fact  it  turns  out,  as  we  shall  see 
presently,  that  some  of  the  operations  can  serve  both  purposes. 

As  in  the  centralized  algorithms,  a  node  i  maintains  the  sets  of 

permanent  nodes  and  "Ik  of  tentative  nodes,  which  together  form  the  set  of  known 
nodes,  while  all  the  others  are  said  to  be  unknown  at  i.  Since  the  distributed 
protocol  is  exactly  the  ECDA  with  the  communication  mechanism  replacing  the  slave 
and  the  oracle,  we  may  assume  for  the  moment  for  illustration  purposes  that  all 
properties  of  ECDA  hold  here  also.  Now,  whenever  a  new  node  y  is  to  be  made  perma¬ 
nent  fas  in  <8>  or  <18>  of  ECDA),  we  have  that  N*s.(y)  =  1,  namely  u  is  tentative 
at  i  and  moreover,  it  will  be  shown  in  Lemma  5.2  that  at  this  time  u  is  strongly 
known  at  i  (Definition  3.1).  In  the  distributed  protocol  we  require  that  at  this 
time  node  i  sends  ASK(y)  to  the  first  node  f^(y)  on  MMP ( i  ,y) .  As  such,  the 
communication  with  this  neighbor  plays  the  role  of  the  slave  at  node  i  in  ECDA. 

Next  we  look  at  what  happens  at  node  j  =  f^(y)  when  it  receives  ASK(y) . 
First,  it  is  shown  in  Lemma  5.2  that  y  must  be  strongly  known  at  j  too,  so  that 
receiving  ASK(y)  can  play  the  role  of  the  oracle  at  node  j  (.see  Assumption  4.1). 

Now,  y  can  be  either  permanent  or  tentative  at  j.  In  the  first  case,  j  can 
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return  ANS(y,Aj)  to  i,  where  A*n  includes  the  set  R^  of  sons  of  u  for  j 
and  we  show  in  Lemma  5.2  that  R.  includes  the  set  R.  as  required  in 
Assumption  4.2.  On  the  other  hand,  if  y  is  tentative  at  j,  then  j  can  forward 
ASK (y)  to  the  next  node  f  ^  (y)  on  MMP(j,y)  and  the  procedure  can  be  repeated 
until  ASK(y)  reaches  a  node  where  y  is  permanent.  When  ANS(y,A)  will  even¬ 
tually  be  received  by  i  the  vector  A*n  will  include  the  set  R.  of 
sons  of  node  y.  At  that  time,  according  to  ECDA,  y  can  be  made  permanent  at 
j,  even  though  its  turn  has  not  come  yet  according  to  Theorem  3.1  e)  .  Also,  now 

j  can  send  ANS(y,A.)  to  i,  where  A*n.  or.  or. 

y  J  ~  ju  -  in 

We  next  present  the  exact  algorithm  performed  by  each  node  in  order  to 
implement  the  protocol. 

THE  DISTRIBUTED  DIJKSTRA  PROTOCOL  (DPP) 

Variables  used  by  the  algorithm  at  node  i 
Same  as  in  CDA,  and  in  addition  : 

=  (A»n^,  A*t\)  :  array  (2  columns,  variable  length),  where  a  row  r  consists  of; 
A*n^(r)  =  y  if  ASK(y)  was  received  and  forwarded 
A*f. (r)  :  denotes  link  on  which  ASK(A*n^(r)j  was  received 

L^  =  (L-n^,  L*s^)  :  array  (2  columns,  nr.  of  rows  =  nr.  of  links  adjacent  to  i 

as  described  below 

L«n^(£.)  =  identity  of  node  at  the  other  end  of  link  l  if  L*s^(£)  =  1  and 
=  nil  if  L*s^(l)  =  0. 

L*s^(i)  =  0  before  WAKE  is  received  on  link  =  1  afterwards 
mode^  =  -3  before  i  enters  the  protocol,  =  0  afterwards 
Messages  sent  and  received  by  the  algorithm  at  node  i 

START  whose  meaning  is  as  in  CDA,  can  he  received  provided  that  mode^  =  -1  (observe 
that  any  number  of  nodes  may  asynchronously  receive  START) 

WAKE(i)  sends  the  identity  of  i  to  all  neighbors  'plays  the  role  of  ASK C i j  of  ECDA) 
receipt  of  the  first  WAKE  signals  node  i  to  enter  the  protocol  unless  START 

- - .•  .  .  nr i 


was  received  previously  and  receipt  of  WAKE  from  all  neighbors  plays  the 
role  of  ANS(i,A)  of  ECDA. 


ASK(p)  requests  any  adjacency  array  of  p  that  includes  its  sons 
ANSfp.A.j  sends  list  of  nodes  A.  with  the  same  structure  as  in  ECDA 
ANS(p,A)  received  message  with  the  same  structure  as  before 
The  algorithm  at  node  i 

Just  before  entering  algorithm,  it  is  assumed  that  :  mode^  =  -1,  A^  = 


L. 

l 

=  (nil,  0) ,  IT  =  (0,®,  nil) . 

1. 

For  START 

2. 

N.  (i)  (1,0, nil);  modei«-0;  send  WAKE(i)  on  all 

adjacent  links 

3. 

For  WAKE(j)  received  on  link  l 

4. 

if  mode.  =  -1,  same  as  <2>. 

—  i 

5. 

L.U)  =  (j,D 

6. 

if  Vx,  holds  L*s.(x)  =  1 
—  r 

7. 

then  N*s.(i)«-2;  VxeL«n.  ,  set  N.  (x)-<-(l ,d.  ,i 

1  11  IX 

) 

3. 

same  as  <20>  -  <21>  with  i  replacing 

p;  go  to  <24>. 

9. 

For  ASK (p)  received  on  link  l 

10. 

if  N*si (p) =2 

11. 

then  same  as  <20>;  send  ANS(p,A^)  on  i 

12. 

else  if  p^i,  p^nu  and  p^A*n^ 

13. 

then  send  ASK(p)  to  first^(p)  (defined  below) 

14. 

enter  row  (p,{.)  into  A^ 

15. 

For  ANS(p,A)  received  on  link  l 

16. 

N*s. fp)«-2 

17. 

V  rows  r  in  A,  let  x  =  A*n(r)  and 

13. 

if  N»s^(x)<2  and  N«d^(p)  +  A*d(r)  ^  N*d^(x) 

19. 

then  (x)  ■*-  (1,  N-d^p)  +  /••d(r),  p) 

20. 

A.  ■*-  {(x,  D  )  |  N  •  p .  (x)  =  p)  where  D  =  N-d.(x) 

1X1  xi 

-  N’*di(u) 

21. 

Vr  s.t.  A*n^(r)  =  p,  send  ANS(p,A^)  on  A*f^(r) 

and  delete  row 

22. 

if  p=mi 

23. 

then  if  Vx  holds  S>s^(x')/1 ,  then  STOP 

24. 

else  m.  y*  that  achieves  min  [N*d 

-  i  7 

i  Cy) !  N  -  s  i  ( y )  = 

25. 

if  m.j!A*n.,  then  send  ASK(m.)  to  first,  (m.) 

—  l  i  ’  -  r  i v  a 

empty,  nn 


from  A. 
l 


} 
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Note  :  first ^ (x)  is  a  function  that  returns  the  identity  of  the  first 

node  after  i  on  the  path  to  x  known  at  i  (see  Definition  3.1); 

the  corresponding  link  can  be  found  from  Table  L^. 

Since  the  validation  of  the  distributed  protocol  is  based  on  comparison 

between  ECDA  and  DDP,  it  is  useful  at  this  stage  to  indicate  the  corresponding  steps 


ECDA 

DDP 

A 

h- • 

V 

A 

ro 

V 

<l>-<2>  and  <5>-<4> 

<3> 

<6> 

<4> 

<7>-<8> 

none 

A 

kO 

V 

1 

A 

V 

<5>-<9> 

<9> ,<12>-<14> 

<10>-<19> 

<15>-<25> 

In  order  to  validate  the  Dijkstra  Distributed  Protocol  (DDP),  we  only  have  to 
show  that  the  communication  mechanism  satisfies  Assumptions  4.1,  4.2  and  4.5. 

We  first  need  however  several  preliminary  properties  similar  to  those  of  Lemma  4.1. 

Lemma  5 , 1 

aj  Each  node  i  in  the  network  executes  either  <2>  or  <4>  (but  not  both) 

exactly  once  and  this  happens  before  node  i  executes  any  other  part  of  the 

algorithm.  WAKE  is  sent  on  any  link  before  any  other  message  and  exactly 

★ 

once.  Each  node  i  executes  <7>-<8>  exactly  once,  at  time  t^  say,  and 
afterwards  no  WAKE  is  received. 

b)  At  node  i,  row  (y,j)  enters  A^  iff  ASK(y)  is  received  from  j  and  N*s.(y)j*2. 

In  this  case,  row  (y,j)  stays  in  A^  until  either  i  receives  WAKE  from  all  its 
neighbors  (in  the  case  when  y=i)  or  i  receives  ANSfu,A),  at  which  time  row 
(y,j)  is  deleted  from  A^  (and  possibly  from  nu)  and  N*  s ^  (y)«-2 .  Also,  a 
message  ANS(y,A)  is  sent  from  i  to  j  only  if  i  has  previously  received  ASK(y) 
from  j . 
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c)  Before  time  t^,  no  ASK  is  sent  by  i,  no  ANS  is  sent  to  i,  no  ASK(y),  y^i 
is  sent  to  i  and  no  ANS  is  sent  by  i. 

d)  N*s^(x)  is  non-decreasing  for  any  given  x.  After  m.-'-y  in  <24>,  the  contents 

of  m.  remains  unchanged  until  ANS(y,A)  is  received,  at  which  time  N*s^(y}*-2 

and  y  is  deleted  from  (and  possibly  from  A*n^).  Afterwards  y  will  never 

enter  again  A.n^  or  nr.  Similarly,  after  row  (y,j)  is  deleted  from  A^  as 
described  in  b)  above,  y  will  never  enter  again  A«n^  or  nr. 

e)  For  each  y,  no  more  than  one  ASK(y)  is  requested  by  i  and  no  more  than  one 

ANS(m,/\)  is  received  at  i. 

Proof  : 

a)  The  proof  of  the  first  two  statements  is  simple  and  will  be  omitted  (see  also 

[6,  protocol  PI]).  In  order  to  prove  the  last  statement,  observe  that  each  node 

receives  exactly  one  WAKE  from  each  neighbor.  Once  all  messages  WAKE  have  been 
received,  <6>  holds  and  <7>,  <8>  are  executed.  Thereafter  no  WAKE  can  be 
received. 

b)  The  part  of  b)  concerning  the  operation  of  A.,  is  easily  proved  by  following 
the  algorithm,  (<9> , <10> ,<14>, and  <3>,<6>-<8>,<21>  or  <15>,<16>,<21>) .  In 
order  to  prove  that  ANS(y,A)  is  sent  from  i  to  j  only  if  j  has  previously  sent 
ASK(y)  to  i,  observe  that  ANS(y,A)  is  sent  in  <11>  or  <21>.  If  it  is  sent 
in  <11>,  it  is  the  result  of  <9>  and  the  statement  is  proved.  If  it  is  sent 
at  <21>,  then  row  (y,j)  e  A^  and  by  the  first  part  of  b) ,  ASK(y)  must  have 
been  previously  received  at  i  from  j. 

*  * 

c)  First  we  prove  that  no  ASK(y)  can  be  sent  by  i  before  t^.  Let  t^  <  t^  be 

★ 

the  time  when  the  first  ASK(y)  was  sent  by  i  before  t^.  This  cannot  happen 

* 

in  <25>,  because  <25>  cannot  be  reached  before  t^,  by  a  proof  similar  to  lemma 
4.1  a).  Hence  ASK(y)  is  sent  at  t,  in  <13>  as  a  result  of  receiving  ASK(y) 

X 

from  some  node  j.  Now  let  us  look  at  what  happens  at  node  j.  When  i  has  sent 
ASK(u) ,  it  was  true  that  i  »  first. (y)  and  since  y^i  from  <12>,  this  implies 
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that  N*p.(x)  =  i  for  some  x.  But  N-p.(x)  could  be  set  to  ij*j  only  in  <19>, 

as  a  result  of  j  receiving  ANS (i , A)  from  some  node  k  and  let  t2  <  t1 

be  the  time  k  has  sent  this  message.  The  following  argument  shows  that  this 

implies  that  node  i  has  sent  ANS (i, A)  in  <?>  at  some  time  before  or  at  t2:  anode  x/i 

can  send  ANS(i.A)  at  <11>  or  <21>  and  at  that  time  N*sx(i)  =  2;  now  N-s^i) 

can  be  set  to  2  only  in  <16>,  as  a  result  of  receiving  ANS(i , A)  from  some 

node  y  who  sent  ANS(i,A)  before  x  did,  and  we  repeat  the  argument  with  y 

instead  of  x.  The  only  other  way  is  N*sx(i)  *■  2  in  <7>  and  then  x=i 

proving  the  claim  that  i  has  sent  ANS(i,A)  before  or  at  t0.  However  this 

★  ★ 

is  a  contradiction,  since  i  executes  <7>  only  once  at  t^  and  t2  <  t^. 

*• 

This  completes  the  proof  that  no  ASK(y)  can  be  sent  by  i  before  t^. 

★ 

Now,  no  ANS (y ,  A)  can  be  sent  to  i  before  t^,  because  by  b)  this  would 
imply  that  i  has  previously  sent  ASKfy).  Also,  no  ASK(y),  u^i  can  be  sent  to 
* 

i  before  t^,  since  the  sending  node  j  must  have  i  =  first_.  (y)  and  this 

leads  to  a  contradiction  as  above.  Finally,  suppose  that  ANS(y,A)  is  sent  by  i 

*  * 

to  j  at  some  time  t  <  t^.  Since  <8>  is  executed  at  time  t^,  the  considered 

ANS  can  be  sent  only  in  <11>  or  <21>.  If  in  <11>,  observe  that  y^i,  since 

★ 

N*s^(i)  can  become  2  only  at  t^  (in  <7>)  or  in  <16>  as  a  result  of  receiving 

★ 

ANS,  and  the  latter  cannot  occur  before  t^  as  already  proved.  Therefore 
occurence  of  <11>  or  <21>  requires  that  ASK(y),  y^i  or  ANS(y,A)  respectively 
was  sent  to  i  before  t,  and  we  have  already  proved  that  both  situations 
cannot  happen. 

d)  and  e)  are  proved  as  in  Lemma  4.1. 

The  next  lemma  proves  that  the  communication  mechanism  of  DDP  has 
properties  as  required  by  Assumptions  4.l}-4.3)  of  ECDA.  Assumption  4.1)  is  covered 
by  a)  parts  c) ,  d) ,  e)  cover  Assumption  4.2)  and  f)  corresponds  to  Assumption  4.3). 

Part  b)  is  a  stronger  statement  than  a)  and  describes  the  coordination  of  the 
communication  mechanism,  thereby  providing  a  tool  for  the  proof  of  all  other  proper¬ 
ties.  The  fact  that  OOP  works  according  to  the  Dijkstra  algorithm  is  shown  in 
Theorem  S . 1 . 
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Lemma  5.2 

a)  ASK(u)  can  be  received  by  i  from  j  only  if  i  =  f ^  (y)  (see  Definition  in 
Section  2)  and  if  t  is  the  time  this  happens,  then  y  is  strongly  known  at 
i  at  time  t-. 

b)  ASK(y)  can  be  sent  by  i  to  j  only  if  i  =  f ^ (y)  ,  and  if  t  is  the  time 

this  happens,  then  both  i  and  j  know  strongly  y  at  time  t  and  N • s^ (y) (t) =1 . 

c)  ANS ( y , A )  can  be  sent  by  i  to  j  only  if  ASK(y)  has  previously  been  received 
by  i  from  j.  (This  has  already  been  proved  in  Lemma  5.1  b)). 

d)  In  any  ANS(y,A)  holds  A*n  c  S  and  A*d(r)  =  d  ,  ,  ,  for  any  r. 

’  v  *  —  y  y,A*n(r)  1 

e)  ANS (y  ,A)  can  be  received  by  i  from  j  onlv  if  j  *  f . (y)  and  then  A-n  3  R.  . 

x  —  ly 

f)  If  ASK (y )  is  sent  by  i  to  j,  then  ANS(y,A)  is  received  by  i  from  j 
within  finite  time. 

Theorem  5 . 1 

The  fundamental  properties  a),  b) ,  c)  presented  in  Theorem  3.1 
hold  for  DDP  and  in  addition  Theorem  4.1  d)  holds. 

The  proof  of  Lemma  5 . 2  and  Theorem  5 . 1  appears  in  the  Appendix  and 
proceeds  by  a  common  induction.  The  fact  that  ECDA  has  already  been  proved, 
allows  us  to  immediately  deduce  that  if  the  properties  of  Lemma  5.2  hold  up  to 
time  t,  then  Theorem  5.1  must  hold  also.  Therefore,  all  is  left  is  to  prove 
that  the  properties  of  Lemma  5.2  (communication  properties)  hold  at  a  given  time 
t  based  on  the  induction  hypothesis  that  Lemma  5.2  and  Theorem  5.1  are  true  up 


to  time  t-. 


6.  Conclusions 


This  work  presents  a  distributed  version  of  the  Dijkstra  shortest  path 
algorithm  and  its  formal  proof  using  a  new  validation  approach  for  distributed 
protocols . 

As  in  Friedman  [4],  we  take  advantage  of  the  fact  that  adjacency  arrays 
of  new  permanent  nodes  need  not  contain  all  neighbors  of  that  node,  a  property  that 
reduces  the  amount  of  computation  of  shortest  paths  as  well  as  the  lengths  of  messages 
of  the  type  ANS(y,A).  In  addition,  considering  the  fact  that  tentative  nodes  need  not 
become  permanent  in  order  of  increasing  distances  and  that  any  new  permanent  node  y 
at  some  node  i  is  also  strongly  known  at  all  nodes  on  the  shortest  path  from  i  to 
y,  we  set  up  a  communication  procedure  which  speeds  up  the  protocol  as  compared  to 
Friedman  [4],  without  increasing  the  communication  comp'exity.  For  example,  in  the 
network  of  Fig.  1  with  all  weights'  =  1,  if  the  communication  between  nodes  3  and  2 
is  slow,  then  in  our  protocol  nodes  3  and  1  will  add  nodes  4,5,6  to  the  list  of  perma¬ 
nents,  while  in  the  Gallager-Friedman  protocol  [4],  they  will  first  wait  for  node  2 
to  become  permanent  at  3 . 

The  communication  complexity  of  our  algorithm  is  computed  as  follows  : 

Each  node  sends  a  WAKE  message  to  its  neighbors  requiring  a  total  of  2 | E }  WAKE  messages. 
Each  node  i  sends  exactly  one  ASK(y)  and  one  ANS(y,A)  for  each  node  y/i  in  V. 


(Notice  that  these  messages  are  sent  on  the  tree  of  shortest  paths  to  „) .  Thus 
|V|(|V|-1)  messages  of  each  kind  are  sent  and  therefore  the  total  number  of  messages 

required  by  the  protocol  is  2(|E|  +  |Vj(jV|-l)  55  2  ([E|  +  |V|‘").  In  the  sequel 
we  neglect  message  headers  and  denote  by  w  the  number  of  bits  necessary  to 

encode  a  link  weight.  Then,  since  it  takes  log | V |  bits  to  encode  a 

node  identity,  WAKE(j)  and  ASK(u)  messages  are  responsible  for 
transmission  of  approximately  (2 1 E j  +  jvj  )  log  jv|  bits  (all  logarithms  are  base  2). 


On  the  other  hand,  A*n  in  message  ANS(y,A)  contains  up  to  JS^j  ~  nodes  (and 
this  happens  in  general  in  messages  sent  on  links  close  to  y)  and  down  to  | 
nodes( mostly  in  messages  sent  on  links  far  from  y.  Therefore  an  upper  bound  for 
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the  total  number  of  bits  sent  in  ANS(y,A)  messages  is 

| V | ( | V |  -  1)  jiyJ-  +  1  (log  |V|  +  w)  =*  2 | E [ | V | (log  ! V |  +  w )  bits.  In  the  same  way, 
if  we  had  A*n  =  in  each  message  ANS(y,A),  then  each  node  v  travels  exactly 

twice  on  each  branch  of  the  tree  of  shortest  paths  to  v  (once  as  y  and  once  in  A) ,  so  ] 

that  the  minimum  total  number  of  bits  sent  in  AN'S  messages  is  |V|  (21og|v|  +  w) . 

As  said  before,  the  communication  complexity  of  the  Gallager-Friedman  [4] 
algorithm  is  similar  to  ours.  Another  comparison  can  be  made  with  the  Gallager  j 

protocol  [3],  [6]  for  obtaining  minimum  hop  paths.  The  number  of  required  messages 
in  that  protocol  is  2  j  E |  (£+1),  where  i  is  the  average  depth  of  the  minimum  hop  tree? 

in  the  network  and  the  total  number  of  bits  is  2 1 E j  |v|  log  |v| .  Our  protocol  reduced 

to  this  particular  case  (all  weights  are  unity  and  hence  w  =  0)  requires  approximately; 
2(|e|+  I V I  )  messages  and  the  total  number  B  of  bits  is  bounded  approximately  by  : 

(2 | E |  +  5 ! V | 2) log | V |  $  B  s  (2 [ E | | V|  +  2  I E  J  ♦  |v|2)  log|v| 

On  the  other  hand  our  protocol  may  advance  faster  than  Gal  lager's  [3]  for  the  same 
reasons  as  in  the  comparison  with  the  Gallager-Friedman  protocol. 
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Appendix 

This  Appendix  contains  the  proofs  of  the  properties  of  DDP  that  do 
not  appear  in  the  body  of  the  paper.  The  properties  are  proved  in  a  different 
order  than  as  presented  in  the  paper,  because  in  tne  latter  they  are  given  in 
an  order  that  is  appropriate  for  illustration. 

Proposition  A. 1 

i)  In  any  ANS(y,A)  holds  A*n  c  . 

ii)  If  N*p.(x)/nil,  then  N*p.(x)eS  . 

1  1  X 

Proof 

Assertion  i)  is  part  of  Lemma  5.2  d)  ,  while  ii)  is  necessary  for 
the  proof,  which  proceeds  by  a  common  induction  on  time.  Both  claims  clearly 
hold  when  the  first  node  in  the  network  enters  the  algorithm.  Suppose  now 
that  they  hold  until  time  t-  and  observe  that  the  events  that  can  affect  the 
claims  are  <6>,  <10>  or  <15>,  at  a  node  i  say.  For  the  first  case,  <S>  assures 
that  only  neighbors  of  i  enter  L»n^  and  hence  ii)  is  preserved,  which  implies 
that  in  <8>  only  neighbors  of  i  enter  A*n^,  preserving  i) .  In  the  second 
case,  N\  is  not  altered  at  t,  hence  ii)  is  not  affected  and  in  <11>  only 
nodes  x  with  N*p^(x)  =  y  enter  A^,  so  that  i)  holds.  Finally  if  ANS(y,A) 

is  received  at  i  at  time  t  in  <15>,  we  have  A*n  c  S  by  the  induction 

—  y 

hypothesis.  In  <19>,  N-p^(x)  +-  y  only  if  x  t  A • n ,  hence  ii)  continues  to 
hold  and  in  <20>,  node  x  enters  A*n^  only  if  N«p^fx)  =  y,  hence  i) 
continues  to  hold  for  A.. 

l 

Proposition  A. 2 

i)  Lemma  5.2  a) 

ii)  Lemma  5.2  e) 

iii)  In  any  message  ANS (y , A1  holds  A*d(r)  =  d  .  ,  . 

6  •  y , A*n  fr) 

(this  is  the  yet  unproved  parts  of  Lemma  5.2  d) . 


for  all  rows  r  in  A 


iv)  Fundamental  properties  a),  b)  hold. 

v)  Theorem  4.1  d)  holds. 


vi)  Any  node  that  is  strongly  known  at  i  at  time  t^  <  t  is  also  strongly 
known  at  i  at  t. 

vii)  Lemma  5.2  b) . 

Proof 


Note  that  except  for  part  of  the  termination  (Fundamental  Property  c''), 
all  properties  that  have  not  been  proven  yet  are  included  here.  The  proof  proceeds 
by  a  common  induction,  assuming  that  all  properties  hold  in  the  entire  network  up 
to  time  t-  and  proving  that  they  continue  to  hold  at  time  t. 

i)  Let  <  t  be  the  time  when  j  has  sent  the  message  ASK(y).  By  vii) 

applied  at  time  t^  at  j,  we  have  that  i  =  f^  (y)  and  also  that  y  is 
strongly  known  at  i  at  time  t^ .  As  a  result,  vi)  implies  that  y  is 

strongly  known  at  i  at  time  t-. 

ii)  Node  j  has  sent  ANS(y,A)  in  <8>,  <11>  or  <21>  and  let  tj  <  t  be  the 

time  this  happened.  In  the  first  case  y  =  j  and  A*n  =  S_.  and  hence  the 
claim  holds.  If  ANS  was  sent  in  <11>  or  <  2 1 > ,  then  A*n  contains  all  nodes 
x  with  N*Pj(x)(tj)  =  y  and  it  is  also  true  that  N*Sj(y)(tj)  =  2 

(i.e.  ye  P.) .  Consequently  v)  applied  at  time  t ^  at  j  implies  that  any  v  in 

R.  is  in  A*n,  meaning  that  R.  <=A*n.  Now  the  fact  that  .ANS  is  sent  by  j  to 
1U  jy—  '  J 

i  implies  by  Lemma  5.1  b)  that  j  has  previously  received  ASK(y)  from  i 
and  hence  i)  implies  that  j  =  f^(y).  This  last  fact,  together  with  the 
remarks  following  Definition  2.1  say  also  that  c  R  completing  the 

proof. 

iii)  Observe  first  that  at  any  time  when  iv)  holds,  if  x  e  P^  U  T.  and  N-p  (x)=u, 

then  N*d^(x)  =  N*d^(y)  +  d^  (follows  from  the  definitions  of  "known"). 

Now,  a  node  i  can  build  a  new  message  ANS(y,A)  in  <8>,  <11>  or  <20>,  and 
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any  x  entering  A*n^  is  permanent  or  tentative.  If  Nk(x)  is  not  changed 

just  before  x  enters  A*n^  (this  can  happen  in  <11>  or  <20>)  and  since  iv) 

holds  at  time  t-  by  the  induction  hypothesis,  then  A*d.(x)  =  D  =  d  .'If 

1  x  u  x 

N^(x)  is  changed, and  this  can  happen  in  <7>  or  <19>,  then  =  d^x  or 
D  =  A*d(r)  respectively,  where  x  =  A*n(r).  Tn  the  second  case,  the  claim 
follows  from  the  induction  hypothesis  on  iii). 

iv)v)  Theorem  4.1  says  that  if  Assumptions  4.1)  and  4.2)  hold  up  to  and  including 
time  t,  then  Fundamental  Properties  a),  b)  and  Theorem  4.1  d)  hold  also  on 
this  interval.  Now  observe  that  Propositions  A.l  i) ,  A. 2  i) ,  ii) ,  iii)  and 
the  fact  that  ANS  is  received  only  as  a  result  of  ASK  (part  of  Lemma  5.2  c)), 
cover  Assumptions  4.1)  and  4.2).  The  fact  that  these  properties  hold  up  to 
and  including  time  t  has  already  been  proved  under  the  induction  hypothesis, 
the  previous  sections  of  Proposition  A. 2  and  Lemma  S.l  b) .  Consequently  iv) , 

v)  hold  at  time  t. 

vi)  follows  from  the  fact  that  iv)  implies  that  <1S>  cannot  hold  for  a  node  that  is 
strongly  known  at  i. 

vii)  First  we  prove  the  facts  that  node  i  knows  strongly  y  at  time  t,  N*s^(y)(t)=l 
and  j=f^(y).  Node  i  sends  ASK(y)  at  <15>  or  <25>.  If  in  <13>,  then  ASK(y) 
was  received  by  i  at  t  and  i)  implies  that  node  y  is  strongly  known  at 

i  at  time  t*.  Hence  it  is  strongly  known  at  t,  since  N\(.y)  is  not 
changed  at  time  t.  Also  the  fact  that  <10>  does  not  hold  implies  N*s^(y)  =  1 
and  <13>  implies  by  iv)  that  j  =  first^(y)  =  t\fu).  Now  if  node  i  sends 
ASK (y )  in  <25>,  then  y  =  nu  and  N*s^(y)  =  1.  In  this  case  y  =  is  the 
node  that  minimized  N*d^  among  tentative  nodes  and  as  in  the  proof  of 

Theorem  4.1  a),  nu  is  strongly  known  at  i  and  hence  j  =  first^(y)  =  f^(y). 

Next  we  show  that  at  time  t,  node  y  is  strongly  known  at  j  too.  Since  a  node 
always  strongly  knows  itself,  we  need  consider  only  the  case  y  t  j .  Let 

v  =  N*p^(y)(t)  and  observe  that  from  the  previous  part  j  =  f^(u)  =  f^(v). 


Also  note  that  N*p^(y)  was  assigned  the  value  v  in  <li)>  as  a  result  of 
node  i  receiving  y  in  A*n  of  ANS(v,A)  at  some  time  t^  <  t.  Then 
ii)  implies  that  this  ANS  was  received  from  j  and  when  it  was  sent  by  j, 
it  was  true  that  N*Pj(y)  =  v  and  v  e  .  Therefore  y  was  strongly  known 
at  j  at  that  time  and  from  vi)  it  is  strongly  known  at  j  at  time  t. 

Proposition  A. 3 

i)  Lemma  5.2  f) 

ii)  Fundamental  Property  c) 

Proof 


Observe  that  since  Lemma  5.2  f)  covers  Assumption  4.3),  Theorem  4.1 

assures  that  i)  implies  ii) .  To  prove  i)  note  that  Lemma  5.2  b)  implies  that  node 

Vi  is  strongly  known  at  i  at  the  time  t  when  ASK(y)  is  sent  to  j  and  also 

j  =  fi(a).  Let  i  =  iQ,  i  ,  i,,...,i  =  a  be  the  path  MMP(i.y)  to  y  known  at 

i.  The  algorithm  dictates  that  a  node  j  sends  ASK(y)  to  f. (y)  as  soon  as  it 

receives  ASK(y) ,  unless  it  has  sent  ASK(y)  before.  Therefore  any  node  i^  sends 

ASK(y)  to  i^+1  at  some  finite  time  before  or  after  t.  Node  y  sends  ANS(y,A) 

★ 

to  i  ,  at  t  or  whenever  it  receives  ASK(y)  from  i  . ,  whichever  comes 
m-i  y  m-l 

later.  Every  node  i^  sends  ANS(y,A)  to  ^  whenever  it  receives  ASK(y) 
from  i^_1  or  upon  receipt  of  ANS(y.A)  from  i^+1,  whichever  comes  later. 

k+1  ’ 


Consequently  any  node  i^  will  eventually  send  ANS(y,A)  to  i 
the  proof. 


completing 
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Footnotes 

1.  "For...."  stands  for  "the  operations  performed  by  the  processor  when 
receiving  ....". 

2.  The  notation  <•>  indicates  a  line  in  an  Algorithm.  If  not  explicitly 
said  otherwise,  the  reference  is  to  the  Algorithm  currently  under  consi¬ 


deration. 
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